Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Recent Advances in Intrusion Detection

RAID 2014: Research in Attacks, Intrusions and Defenses pp 341–361Cite as

Formal Analysis of Security Procedures in LTE - A Feasibility Study

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8688))

Abstract

The only part of the Long Term Evolution (LTE) security standard that has been formally analyzed is the Authentication and Key Agreement (AKA) procedure. It is not clear how well existing security related verification tools can handle other types of procedures. In this work, we use ProVerif to analyze the procedures related to session management and mobility. Our analysis has shown that most of the secrecy and agreement properties hold which was expected. However, we had difficulties proving stronger injective agreement properties.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 3GPP The Mobile Broadband Standard, http://www.3gpp.org/specifications/

  2. 10th Computer Security Foundations Workshop (CSFW 1997), Rockport, Massachusetts, USA, June 10-12. IEEE Computer Society (1997)

    Google Scholar 

  3. Abadi, M., Blanchet, B., Fournet, C.: Just Fast Keying in the Pi Calculus. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 340–354. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  4. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Hankin, C., Schmidt, D. (eds.) POPL, pp. 104–115. ACM (2001)

    Google Scholar 

  5. Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M., Golde, N., Redon, K., Borgaonkar, R.: New privacy issues in mobile telephony: fix and verification. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM Conference on Computer and Communications Security, pp. 205–216. ACM (2012)

    Google Scholar 

  6. Armando, A., et al.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Blanchet, B.: Automatic verification of correspondences for security protocols

    Google Scholar 

  8. Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: CSFW, pp. 82–96. IEEE Computer Society (2001)

    Google Scholar 

  9. Blanchet, B., Chaudhuri, A.: Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage. In: IEEE Symposium on Security and Privacy, pp. 417–431. IEEE Computer Society (2008)

    Google Scholar 

  10. Blanchet, B., Smyth, B., Cheval, V.: ProVerif 1.88: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial

    Google Scholar 

  11. Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Nielson, H.R.: Automatic validation of protocol narration

    Google Scholar 

  12. Bouassida, M.S., Chridi, N., Chrisment, I., Festor, O., Vigneron, L.: Automated verification of a key management architecture for hierarchical group protocols. Annales des Télécommunications 62(11-12), 1365–1387 (2007)

    Google Scholar 

  13. Cremers, C.J.F.: The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  14. Cremers, C.J.F.: Session-state Reveal Is Stronger Than Ephemeral Key Reveal: Attacking the NAXOS Authenticated Key Exchange Protocol. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 20–33. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  15. Cremers, C.: Key Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 315–334. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  16. Dolev, D., Yao, A.C.-C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)

    Article  MATH  MathSciNet  Google Scholar 

  17. Fang, J., Jiang, R.: An analysis and improvement of 3GPP SAE AKA protocol based on strand space model. In: 2010 2nd IEEE International Conference on Network Infrastructure and Digital Content, pp. 789–793 (September 2010)

    Google Scholar 

  18. Holzmann, G.J.: The Model Checker SPIN. IEEE Trans. Software Eng. 23(5), 279–295 (1997)

    Article  MathSciNet  Google Scholar 

  19. Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 176–191. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  20. Lowe, G.: A Hierarchy of Authentication Specification. In: CSFW [2], pp. 31–44

    Google Scholar 

  21. Lowe, G.: Casper: A Compiler for the Analysis of Security Protocols. In: CSFW [2], pp. 18–30

    Google Scholar 

  22. Meadows, C.: The NRL Protocol Analyzer: An Overview. J. Log. Program. 26(2), 113–131 (1996)

    Article  MATH  Google Scholar 

  23. Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN Prover for the Symbolic Analysis of Security Protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  24. Qachri, N., Markowitch, O., Dricot, J.-M.: A formally Verififed Protocol for Secure Vertical Handovers in 4G Heterogeneous Networks. International Journal of Security and Its Applications 7(6) (2013)

    Google Scholar 

  25. Schmidt, B., Sasse, R., Basin, D.: Automated Verification of Group Key Agreement Protocols. In: IEEE Symposium on Security and Privacy (to appear, 2014)

    Google Scholar 

  26. Taha, A.M., Abdel-Hamid, A.T., Tahar, S.: Formal analysis of the handover schemes in mobile WiMAX networks. In: IFIP International Conference on Wireless and Optical Communications Networks, WOCN 2009, pp. 1–5 (April 2009)

    Google Scholar 

  27. Taha, A.M., Abdel-Hamid, A.T., Tahar, S.: Formal Verification of IEEE 802.16 Security Sublayer Using Scyther Tool. In: International Conference on Network and Service Security, N2S 2009, pp. 1–5 (June 2009)

    Google Scholar 

  28. Tang, C., Naumann, D.A., Wetzel, S.: Symbolic Analysis for Security of Roaming Protocols in Mobile Networks - (Extended Abstract). In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds.) SecureComm. LNICST, vol. 96, pp. 480–490. Springer (2011)

    Google Scholar 

  29. Tsay, J.-K., Mjølsnes, S.F.: A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 65–76. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  30. Zhang, M., Fang, Y.: Security analysis and enhancements of 3gpp authentication and key agreement protocol

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Ericsson Research Stockholm, Färögatan 6, 16480, Sweden

    Noomene Ben Henda & Karl Norrman

Authors
  1. Noomene Ben Henda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Karl Norrman
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. George Mason University, Fairfax, VA, USA

    Angelos Stavrou

  2. VU University Amsterdam, The Netherlands

    Herbert Bos

  3. Stevens Institute of Technology, NJ, USA

    Georgios Portokalidis

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Ben Henda, N., Norrman, K. (2014). Formal Analysis of Security Procedures in LTE - A Feasibility Study. In: Stavrou, A., Bos, H., Portokalidis, G. (eds) Research in Attacks, Intrusions and Defenses. RAID 2014. Lecture Notes in Computer Science, vol 8688. Springer, Cham. https://doi.org/10.1007/978-3-319-11379-1_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11379-1_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11378-4

  • Online ISBN: 978-3-319-11379-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation